ci: use publish workflow

Author: n8maninger

.github/workflows/publish.yml

@@ -6,245 +6,23 @@ on:
   push:
     branches:
       - master
-      - dev
     tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-      - 'v[0-9]+.[0-9]+.[0-9]+-**'
+      - "v[0-9]+.[0-9]+.[0-9]+"
+      - "v[0-9]+.[0-9]+.[0-9]+-**"
 
 concurrency:
   group: ${{ github.workflow }}
-
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
+  cancel-in-progress: false
 
 jobs:
-  docker:
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-    steps:
-      - uses: actions/checkout@v4
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
-      - uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/metadata-action@v4
-        name: Generate tags
-        id: meta
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=ref,event=branch
-            type=sha,prefix=
-            type=semver,pattern={{version}}
-      - uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: ./docker/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-  build-linux:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        arch: [ amd64, arm64 ]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: 'stable'
-      - name: Setup
-        run: |
-          go generate ./...
-          if [ ${{ matrix.arch }} == "arm64" ]; then
-            sudo apt update
-            sudo apt install -y gcc-aarch64-linux-gnu
-            echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
-          fi
-      - name: Build ${{ matrix.arch }}
-        env:
-          CGO_ENABLED: 1
-          GOOS: linux
-          GOARCH: ${{ matrix.arch }}
-        run: |
-          mkdir -p release
-          ZIP_OUTPUT=release/renterd_${GOOS}_${GOARCH}.zip
-          go build -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/renterd
-          cp README.md LICENSE bin/
-          zip -qj $ZIP_OUTPUT bin/*
-      - uses: actions/upload-artifact@v4
-        with:
-          name: renterd_linux_${{ matrix.arch }}
-          path: release/*
-  build-mac:
-    runs-on: macos-latest
-    strategy:
-      matrix:
-        arch: [ amd64, arm64 ]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: 'stable'
-      - name: Setup Notarization
-        env:
-          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
-          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
-          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
-          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
-          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
-          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
-        run: |
-          # extract apple cert
-          APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
-          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-          echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH
-
-          # extract apple key
-          mkdir -p ~/private_keys
-          APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
-          echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH
-
-          # create temp keychain
-          security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security default-keychain -s $KEYCHAIN_PATH
-          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-          security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-
-          # import keychain
-          security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-          security find-identity -v $KEYCHAIN_PATH -p codesigning
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH
-
-          # generate
-          go generate ./...
-      - name: Build ${{ matrix.arch }}
-        env:
-          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
-          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
-          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
-          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
-          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
-          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
-          CGO_ENABLED: 1
-          GOOS: darwin
-          GOARCH: ${{ matrix.arch }}
-        run: |
-          mkdir -p release
-          ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip
-          go build -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/renterd
-          cp README.md LICENSE bin/
-          /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/renterd
-          ditto -ck bin $ZIP_OUTPUT
-          xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
-      - uses: actions/upload-artifact@v4
-        with:
-          name: renterd_darwin_${{ matrix.arch }}
-          path: release/*
-  build-windows:
-    runs-on: windows-latest
-    strategy:
-      matrix:
-        arch: [ amd64 ]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: 'stable'
-      - name: Setup
-        shell: bash
-        run: |
-          dotnet tool install --global AzureSignTool
-          go generate ./...
-      - name: Build ${{ matrix.arch }}
-        env:
-          CGO_ENABLED: 1
-          GOOS: windows
-          GOARCH: ${{ matrix.arch }}
-        shell: bash
-        run: |
-          mkdir -p release
-          ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip
-          go build -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/renterd
-          azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/renterd.exe
-          cp README.md LICENSE bin/
-          7z a $ZIP_OUTPUT bin/*
-      - uses: actions/upload-artifact@v4
-        with:
-          name: renterd_windows_${{ matrix.arch }}
-          path: release/*
-
-  combine-release-assets:
-    runs-on: ubuntu-latest
-    needs: [ build-linux, build-mac, build-windows ]
-    steps:
-      - name: Merge Artifacts
-        uses: actions/upload-artifact/merge@v4
-        with:
-          name: renterd
-
-  dispatch-homebrew: # only runs on full releases
-    if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-')
-    needs: [ build-mac ]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Extract Tag Name
-        id: get_tag
-        run: echo "tag_name=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
-
-      - name: Dispatch
-        uses: peter-evans/repository-dispatch@v3
-        with:
-          token: ${{ secrets.PAT_REPOSITORY_DISPATCH }}
-          repository: siafoundation/homebrew-sia
-          event-type: release-tagged
-          client-payload: >
-            {
-              "description": "Renterd: The Next-Gen Sia Renter",
-              "tag": "${{ env.tag_name }}",
-              "project": "renterd",
-              "workflow_id": "${{ github.run_id }}"
-            }
-  dispatch-linux: # run on full releases, release candidates, and master branch
-    if: startsWith(github.ref, 'refs/tags/v') || endsWith(github.ref, 'master')
-    needs: [ build-linux ]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Build Dispatch Payload
-        id: get_payload
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const isRelease = context.ref.startsWith('refs/tags/v'),
-              isBeta = isRelease && context.ref.includes('-beta'),
-              tag = isRelease ? context.ref.replace('refs/tags/', '') : 'master';
-
-            let component = 'nightly';
-            if (isBeta) {
-              component = 'beta';
-            } else if (isRelease) {
-              component = 'main';
-            }
-
-            return {
-              description: "renterd: The Next-Gen Sia Renter",
-              tag: tag,
-              project: "renterd",
-              workflow_id: context.runId,
-              component: component
-            };
-
-      - name: Dispatch
-        uses: peter-evans/repository-dispatch@v3
-        with:
-          token: ${{ secrets.PAT_REPOSITORY_DISPATCH }}
-          repository: siafoundation/linux
-          event-type: release-tagged
-          client-payload: ${{ steps.get_payload.outputs.result }}
+  publish:
+    uses: SiaFoundation/workflows/.github/workflows/go-publish.yml@master
+    secrets: inherit
+    with:
+      linux-build-args: -tags='timetzdata netgo' -trimpath -a -ldflags '-s -w -linkmode external -extldflags "-static"'
+      windows-build-args: -tags='timetzdata netgo' -trimpath -a -ldflags '-s -w -linkmode external -extldflags "-static"'
+      macos-build-args: -tags='timetzdata netgo' -trimpath -a -ldflags '-s -w'
+      cgo-enabled: 1
+      project: renterd
+      project-desc: "renterd: The Next-Gen Sia Renter"
+      version-tag: ${{ github.ref_name }}